Integrations

apptor flow connects to external systems through a Connections system — a centralized credential store that decouples workflow logic from authentication details.

---

How Integrations Work

The platform separates external service connectivity into three layers:

Integration (template — defines structure and auth type)
  └── Connection (named instance — environment-agnostic)
        ├── Development credentials  ← resolved when flow runs in Development
        └── Production credentials   ← resolved when flow runs in Production

When a workflow node needs to call an external service, it references a Connection by name. At runtime the engine resolves the correct credentials based on the current execution environment — no changes to the flow definition are needed.

This pattern means:

• Credentials are never visible in workflow definitions
• The same workflow uses sandbox credentials in Development and live credentials in Production automatically
• Rotating a credential only requires updating the connection's credentials — no workflow changes needed

---

Integration Types

Type	Node Types	Description
REST API	Service Task (REST), Tool (REST)	Any HTTP/HTTPS API
Email	Service Task (Email), Tool (Email)	Transactional email delivery
Database	Service Task (SQL), Tool (SQL)	Direct SQL execution
SMS	Service Task (SMS)	Text message delivery
AI Provider	AI Task, Voice Task	LLM and voice AI models
MCP Server	Tool (MCP)	Model Context Protocol servers
Voice	Voice Task	Telephony for voice calls
Domain	Domain Task	Vertical-specific API abstractions

---

REST API

The most general-purpose integration type. Connects to any HTTP or HTTPS endpoint.

Supported Auth Types

Auth Type	How It Works	When to Use
None	No auth header added	Public APIs
Bearer Token	Adds Authorization: Bearer <token>	OAuth2 access tokens, JWT
Basic Auth	Adds Authorization: Basic base64(user:pass)	APIs using HTTP Basic authentication
API Key Header	Adds a custom header (e.g., X-API-Key: <key>)	APIs requiring a key in a header
OAuth2	Performs client credentials flow; refreshes token automatically	Enterprise APIs (Salesforce, Microsoft 365, etc.)

Connection Fields

Field	Required	Description
Name	Yes	Display name (e.g., "Stripe Production")
Base URL	Yes	Root URL — node paths are appended to this
Auth Type	Yes	One of the auth types above
Token / Key	Conditional	Credential value — use {env.SECRET_NAME}
Headers	No	Static headers added to every request (JSON)
Timeout	No	Request timeout in seconds (default: 30)

OAuth2 Additional Fields

Field	Description
Token URL	OAuth2 token endpoint
Client ID	OAuth2 client ID
Client Secret	Use {env.OAUTH_SECRET}
Scope	Space-separated OAuth2 scopes

---

Email

Sends transactional emails through your chosen email provider.

Supported Providers

Provider	Description
Mailjet	API-based delivery, good for transactional and bulk
SendGrid	Industry-standard email API
SMTP	Any SMTP server (Google Workspace, Office 365, custom)
Amazon SES	AWS Simple Email Service

Connection Fields

Field	Required	Description
Name	Yes	Display name
Provider	Yes	Mailjet / SendGrid / SMTP / SES
API Key	Conditional	Provider API key — use {env.EMAIL_API_KEY}
From Name	Yes	Default sender display name
From Email	Yes	Default sender email address
SMTP Host	SMTP only	SMTP server hostname
SMTP Port	SMTP only	Port (587 for TLS, 465 for SSL, 25 for plain)
SMTP User	SMTP only	SMTP username
SMTP Password	SMTP only	Use {env.SMTP_PASSWORD}

---

Database (SQL)

Executes SQL queries against relational databases. Supports parameterized queries to prevent SQL injection.

Supported Databases

Database	Driver	Default Port
PostgreSQL	JDBC	5432
MySQL	JDBC	3306
Microsoft SQL Server	JDBC	1433
Oracle Database	JDBC	1521

Connection Fields

Field	Required	Description
Name	Yes	Display name
Driver	Yes	Database type
Host	Yes	Database server hostname or IP
Port	Yes	Connection port
Database	Yes	Database / schema name
Username	Yes	Database user
Password	Yes	Use {env.DB_PASSWORD}
SSL	No	Enable SSL/TLS encryption
Pool Size	No	Max connection pool size (default: 5)

Security Note

Always use parameterized queries in Service Task (SQL) nodes. Never concatenate user input directly into SQL strings. The SQL node supports named parameters (?1, ?2) which the engine substitutes safely.

---

SMS

Sends text messages (SMS) to phone numbers.

Supported Providers

Provider	Description
Twilio	Market leader for programmable SMS
Vonage (Nexmo)	Global SMS delivery
Amazon SNS	AWS Simple Notification Service

Connection Fields

Field	Required	Description
Name	Yes	Display name
Provider	Yes	Twilio / Vonage / SNS
Account SID	Twilio	Twilio account identifier
Auth Token	Twilio	Use {env.TWILIO_AUTH_TOKEN}
From Number	Yes	Registered sender number (E.164 format)
API Key	Vonage/SNS	Use {env.SMS_API_KEY}

---

AI Provider

Connects to large language model (LLM) providers used by AI Task and Voice Task nodes.

Supported Providers

Provider	Models Available
OpenAI	GPT-4o, GPT-4o-mini, GPT-4 Turbo, o1, o3-mini, DALL-E (images)
Anthropic	Claude 3.5 Sonnet, Claude 3.5 Haiku, Claude 3 Opus
Google Gemini	Gemini 1.5 Pro, Gemini 1.5 Flash, Gemini 2.0 Flash
Azure OpenAI	GPT-4o, GPT-4 (deployed via Azure)
Ollama	Any locally-hosted open-source model (Llama, Mistral, Qwen, etc.)

Connection Fields

Field	Required	Description
Name	Yes	Display name
Provider	Yes	Provider type
API Key	Yes	Use {env.OPENAI_API_KEY}
Model	Yes	Default model identifier
Temperature	No	Sampling temperature 0.0–2.0 (default: 0.7)
Max Tokens	No	Maximum response token count
Base URL	Azure/Ollama	Custom API endpoint URL

AI Provider Selection Guide

Use Case	Recommended Provider
General-purpose reasoning	OpenAI GPT-4o or Anthropic Claude 3.5 Sonnet
High-volume, cost-sensitive	GPT-4o-mini or Gemini Flash
Long context (200K+ tokens)	Anthropic Claude 3 or Gemini 1.5 Pro
Private/on-premise deployment	Ollama with a local model
Enterprise Microsoft environment	Azure OpenAI

---

MCP Server

Connects to any Model Context Protocol (MCP) server, enabling AI Tasks to call any tool exposed by that server.

Connection Fields

Field	Required	Description
Name	Yes	Display name
URL	Yes	MCP server endpoint URL
Auth Type	No	Bearer Token or API Key
Token	Conditional	Auth credential — use {env.MCP_TOKEN}

MCP tools exposed by the server are automatically discovered and made available to AI Tasks that use this connection.

---

Voice

Telephony connections for voice call automation using the Voice Task node.

Supported Providers

Provider	Description
Twilio	PSTN calls with real-time audio streaming
Vonage	Voice API for inbound/outbound calls

Connection Fields

Field	Description
Name	Display name
Provider	Twilio / Vonage
Account SID / Key	Provider credentials
Phone Number	Registered Twilio/Vonage number for outbound calls
Webhook Base URL	Your server URL for inbound call webhooks

---

Domain (Vertical)

Domain connections abstract over business-domain APIs — CRM, HR, payments, etc. — using a provider-agnostic model. The Domain Task node works in terms of domain operations (e.g., "create customer", "get invoice") rather than raw HTTP calls.

How It Differs from REST API

REST API Connection	Domain Connection
You specify exact endpoint paths	You select a domain operation by name
You build the request payload manually	The engine maps domain model to provider format
Output is raw JSON	Output is a normalized domain object
Works with any HTTP API	Works only with supported vertical providers

Supported Domains

Domain	Operations
CRM	Get contact, create contact, update contact, search contacts
HR	Get employee, list employees, create time-off request
Payments	Create invoice, get invoice, charge customer
Ticketing	Create ticket, update ticket, get ticket, list tickets

Custom domains can be added by implementing the DomainProvider extension point.

---

Connection Best Practices

Use Secrets for All Credentials

Never paste raw API keys or passwords into connection fields. Always:

1. Create a Secret in the Secrets page (/secrets)
2. Reference it in the connection as {env.MY_SECRET_NAME}

The engine resolves {env.X} at runtime from the encrypted secrets store.

Separate Environments

Create one connection per service and configure credentials per-environment within it — do not create "Stripe Dev" and "Stripe Production" as separate connections.

When adding or editing a connection, configure credentials for each environment:

Environment	Example credentials
Development	Stripe test key (sk_test_...), sandbox database, test email account
Production	Stripe live key (sk_live_...), production database, live email account

The engine automatically uses Development credentials when a flow runs in Development, and Production credentials when a flow runs in Production. The flow definition never needs to change.

Test After Credential Rotation

When you rotate an API key or database password:

1. Update the secret value in the Secrets page
2. Open the connection and click Test Connection
3. Verify it shows Connected before deploying

Name Connections Clearly

Good names prevent mistakes:

Bad	Good
Stripe	Stripe Production
Email	Mailjet Transactional
DB	PostgreSQL Analytics DB
AI	OpenAI GPT-4o Production

---

API: Managing Connections

Connections can also be managed via the REST API. The full endpoint reference is shown below.

# List all connections
GET /api/integrations

# Create a connection
POST /api/integrations

# Update a connection
PUT /api/integrations/{id}

# Test a connection
POST /api/integrations/{id}/test

# Delete a connection
DELETE /api/integrations/{id}